Want CNET to notify you of price drops and the latest stories?

LinkedIn hit with $5M lawsuit over lost passwords

The company says a Illinois woman's claims that LinkedIn didn't adequately protect user data are 'without merit.'

Donna Tam Staff Writer / News
Donna Tam covers Amazon and other fun stuff for CNET News. She is a San Francisco native who enjoys feasting, merrymaking, checking her Gmail and reading her Kindle.
Donna Tam
2 min read

An Illinois woman is leading the charge against LinkedIn in a $5 million class-action lawsuit that alleges the social network failed to protect its members' data.

The suit is a result of the recent security breach in which hackers stole thousands of passwords. The passwords ended up on a site accessible to the public.

Katie Szpyrka, a registered LinkedIn account holder since 2010, filed suit last week in the U.S. District Court in the Northern District of California, claiming LinkedIn violated its own privacy policies and user agreements by not following industry, ZDNet reported today.

LinkedIn spokeswoman Erin O'Harra said the allegations are "without merit."

"No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured," O'Harra wrote in an e-mail to CNET. "Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation."

Szpyrka is demanding a jury trial. The class-action suit will include individuals and entities in the U.S. who had a LinkedIn account on or before June 6, 2012, including those who paid for an upgraded account.

LinkedIn confirmed reports two weeks ago of 6.5 million member passwords being leaked. Later in the day, other sites confirmed that their passwords were also compromised, including 1.5 million that were suspected to be eHarmony passwords.

In the suit, Szpyrka, who pays $26.95 per month for a premium LinkedIn account, pointedout that LinkedIn's privacy policy promises users that all the information they provide is protected with industry standards and technology. She said LinkedIn should have "salted" the passwords. Salting is an encryption technique that provides an added layer of security to data.

After news broke of the passwords, LinkedIn admitted to not salting the passwords before storing them, but said it is using the technique now.

Correction, June 19 at 5:03 p.m. PT: The earlier version of this story had an incorrect number of leaked LinkedIn passwords.